REMARKS 

The Office Action dated August 22, 2007, has been received and carefully noted. 
The above amendments to the claims, and the following remarks, are submitted as a full 
and complete response thereto. 

Claims 1-78 are currently pending in the application, of which claims 1, 24, 47, 
61, and 75-78 are independent claims. Claim 37 has been amended, and claims 47-78 
have been added, to more particularly point out and distinctly claim the invention. No 
new matter has been added. Claims 1-78 are respectfully submitted for consideration. 

Claims 6-18 and 29-41 were indicated as containing allowable subject matter but 
were objected to as being dependent from rejected base claims. Applicants thank the 
Examiner for this indication of allowable subject matter. The base claims from which 
claims 6-18 and 29-41 depend should also be allowed, as discussed below, and 
consequently it is respectfully requested that the objection to claims 6-18 and 29-41 be 
withdrawn. 

Claims 1-5, 19-28, and 42-46 were rejected under 35 U.S.C. 102(b) as being 
anticipated by U.S. Patent No. 6,154,775 of Coss et al. ("Coss"). Applicants respectfully 
traverse this rejection. 

Claim 1, upon which claims 2-23 depend, is directed to a method of handling data 
packets in a network device. The method includes receiving an incoming data packet. 
The method also includes parsing the incoming data packet to obtain a portion of the 
incoming data packet. The method further includes comparing said portion with rules 
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stored in a rule table, where each rule of said rules specifies a set of actions. The method 
additionally includes selecting a match between said portion and a particular rule of said 
rules. The method also includes executing a particular set of actions specified by said 
particular rule. Each rule field of said rules includes a mask and a selection flag used in 
the comparing said portion with each rule. 

Claim 24, upon which claims 25-46 depend, is directed to a network device for 
handling data packets. The device includes a rules table. The device also includes means 
for receiving an incoming data packet. The device further includes means for parsing the 
incoming data packet to obtain a portion of the incoming data packet. The additionally 
includes means for comparing said portion with rules stored in said rule table, where each 
rule of said rules specifies a set of actions. The device also includes means for selecting a 
match between said portion and a particular rule of said rules. The device further 
includes means for executing a particular set of actions specified by said particular rule. 
Each rule field of said rules includes a mask and a selection flag used by the means for 
comparing said portion with each rule. 

Applicants respectfully submit that Coss fails to disclose or suggest all of the 
elements of any of the presently pending claims. 

Coss generally relates to methods and an apparatus for a computer network 
firewall with dynamic rule processing with the ability to dynamically alter the operations 
of rules. Coss provides, as illustrated at Figure 8 thereof, a rules table that includes a list 
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of rules, each of which has a corresponding action associated therewith. In addition, each 
rule can have a "hit count" associated with rule. 

Claims 1 and 24 each recite, in part, "each rule of said rules specifies a set of 
actions." Coss fails to disclose or suggest at least this feature of claims 1 and 24. As can 
be seen clearly from Figures 3 and 8 of Coss, each of the rules is associated with a single 
action, not a set of actions. Figure 3 and column 4, lines 31-34 were cited by the Office 
Action with respect to this feature, but neither portion of Coss discloses more than a 
single action per rule. Thus, Coss fails to anticipate claims 1 and 24, because Coss fails 
to disclose or suggest all of the features of claims 1 and 24. 

Furthermore, it would not have been obvious to modify Coss such that its rules 
specify a set of actions. Coss is directed to a firewall that either drops or passes packets. 
It would not make sense for Coss to have a rule that specifies more than one of those two 
actions, because those two actions are mutually exclusive. Thus, one of ordinary skill in 
the art would not have found motivation or suggestion to modify Coss, even if it could be 
shown that other rules lists existed in which a set of actions were provided corresponding 
to each rule (not demonstrated in the Office Action, and not admitted). Accordingly, 
Coss also cannot possibly render the subject matter of claims 1 and 24 obvious. Thus, it 
is respectfully requested that the rejection of claims 1 and 24 be withdrawn. 

Additionally, claims 1 and 24 each recite, in part, "wherein each rule field of said 
rules includes a mask and a selection flag used [for] comparing said portion with each 
rule." Coss also fails to disclose or suggest at least this feature of claims 1 and 24. 
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The Office Action cited column 7, lines 29-61, as allegedly corresponding to this 
feature. The cited passage of Coss discusses a "dependency mask" with reference to 
Figures 7 and 8 of Coss. The cited passage also mentions that a "hit count" field is used. 
As explained in Coss, " 'Hit count' indicates the number of matches which must be found 
in the cache for the specified action to be taken." These teachings do not correspond to 
what is claimed. 

As noted above, the claimed "selection flag" is "used [for] comparing said portion 
with each rule." The "hit count" of Coss is not used for comparing a portion of a packet 
with a rule. Instead, "hit count" in Coss is used to compare the rule to the contents of the 
cache. Thus, for example, as Coss indicates: "in the dependency mask named 
"realaudio," a count of 1 is used for passing UDP packets provided one requisite TCP 
session is active [and in] the dependency mask "telnet," a count of 10 is used to drop 
packets to prevent overloading resources." Accordingly, "hit count" of Coss cannot 
correspond to the claimed "selection flag" because the "hit count" of Coss is used in 
comparing a rule to a cache, not in comparing a portion of a packet to a rule. Thus, for 
this additional reason, Coss fails to anticipate claims 1 and 24. 

Furthermore it would not have been obvious to modify "hit count" of Coss to be 
used in comparing the rule to the portion of the packet. The very concept of "hit count" 
requires reference to historical data (to the extent any comparison is to be made). Thus, a 
"hit count" of one requires no comparison at all, but a "hit count" of ten absolutely 
requires comparison to historical data, which will be data outside the portion of the 
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packet. One of ordinary skill in the art consequently would not have been motivated to 
modify Coss' "hit count" to be "used [for] comparing said portion with each rule," as 
recited in claims 1 and 24. Accordingly, Coss also cannot possibly render the subject 
matter of claims 1 and 24 obvious. Thus, it is respectfully requested that the rejection of 
claims 1 and 24 be withdrawn. 

Claims 2-5, 19-23, 25-28, and 42-46 depend respectively from, and further limit, 
claims 1 and 24. Thus, it is respectfully requested that the rejection of claims 2-5, 19-23, 
25-28, and 42-46 be withdrawn at least for the reasons discussed above. 

For the reasons set forth above, it is respectfully submitted that each of claims 1- 
78 recites subject matter that is neither disclosed nor suggested in the cited art. It is, 
therefore, respectfully requested that all of claims 1-78 be allowed, and that this 
application be passed to issuance. 

If, for any reason, the Examiner determines that the application is not now in 
condition for allowance, it is respectfully requested that the Examiner contact, by 
telephone, Applicants' undersigned attorney at the indicated telephone number to arrange 
for an interview to expedite the disposition of this application. 
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In the event this paper is not being timely filed, Applicants respectfully petition for 
an appropriate extension of time. Any fees for such an extension together with any 
additional fees may be charged to Counsel's Deposit Account 50-2222. 
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